General
-
Target
0c26c4bc2912317d4e104beae3e4315f7042531fa1f044ebd3da11dea4f6d974
-
Size
1.2MB
-
Sample
211220-rb8b5sbebj
-
MD5
420d8eb15cf219dac5df1ea74aef9705
-
SHA1
a25f017611c802a7c1ea0f2a3b1ec6a3cc64e8af
-
SHA256
0c26c4bc2912317d4e104beae3e4315f7042531fa1f044ebd3da11dea4f6d974
-
SHA512
21aadd06d4f8911480d93782e3b64516dfb0598354010bfa39f5e2c101c88070f89d772c2ac6885e7346e6b19e14cdf44517dd7e2e0ea427b75ffb0a3afd7c15
Static task
static1
Behavioral task
behavioral1
Sample
0c26c4bc2912317d4e104beae3e4315f7042531fa1f044ebd3da11dea4f6d974.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0c26c4bc2912317d4e104beae3e4315f7042531fa1f044ebd3da11dea4f6d974.exe
Resource
win10-en-20211208
Malware Config
Extracted
raccoon
1.8.3-hotfix
5781468cedb3a203003fdf1f12e72fe98d6f1c0f
-
url4cnc
http://194.180.174.53/brikitiki
http://91.219.236.18/brikitiki
http://194.180.174.41/brikitiki
http://91.219.236.148/brikitiki
https://t.me/brikitiki
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
prepepe.ac.ug
Targets
-
-
Target
0c26c4bc2912317d4e104beae3e4315f7042531fa1f044ebd3da11dea4f6d974
-
Size
1.2MB
-
MD5
420d8eb15cf219dac5df1ea74aef9705
-
SHA1
a25f017611c802a7c1ea0f2a3b1ec6a3cc64e8af
-
SHA256
0c26c4bc2912317d4e104beae3e4315f7042531fa1f044ebd3da11dea4f6d974
-
SHA512
21aadd06d4f8911480d93782e3b64516dfb0598354010bfa39f5e2c101c88070f89d772c2ac6885e7346e6b19e14cdf44517dd7e2e0ea427b75ffb0a3afd7c15
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M16
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M16
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-